Encrypt credentials/Django settings to store in repositories
Project description
encrypted-credentials encrypts credentials to allow them to be securely added to git repositories.
It can import encrypted settings into Django defined in a python module and or a json file. Encrypted files are automatically generated.
Django settings
example
PRIVATE_settings.py
File stored in folder with django settings.py file
private_settings = {
"AWS_ACCESS_KEY_ID":"ABCDEFGHIJKLMNOP",
"AWS_SECRET_ACCESS_KEY":"ABCDEFGHIJKLMNOP"
}
settings.json
File stored in folder with django settings.py file
{
"AWS_ACCESS_KEY_ID":"ABCDEFGHIJKLMNOP",
"AWS_SECRET_ACCESS_KEY":"ABCDEFGHIJKLMNOP"
}
settings.py
from encrypted_credentials.django_credentials import add_encrypted_settings
add_encrypted_settings(globals())
Upon first execution a PRIVATE_KEY.env file will be generated with a random encryption key. DO NOT check this into repository. if PRIVATE_settings.py does not exist it will generate a template module.
set environment variable
export SETTINGS_KEY=FQQcgYWCBPE8l8IbHdcNie0WARbYHeFwCl4hIL3ecF0=
- If the
settings.json
file exists andsettings.json.enc
does not exist thensettings.json.enc
will be created.(development) - If
settings.json
andsettings.json.enc
exist then they will be compared and if differentsettings.json.enc
will be overwritten.(development) - If
settings.json
does not exist thensettings.json.enc
will be used (production)
settings.json.enc and or PRIVATE_settings.enc can be checked into git as it is encrypted with Fernet AES128 encryption
Credential files
get_decrypted_file
will automatically encrypt the original file and supply the decrypted data
from encrypted_credentials.encrypted_file import get_decrypted_file
get_decrypted_file('full_path/orginal.pem')
original.pem.enc can be checked into a repository
Credential files with Django
By default environment variable SETTINGS_KEY will be used as key
settings.py
CREDENTIAL_FOLDER = os.path.join(BASE_DIR, 'credentials')
CREDENTIAL_FILES = {
'gmail': 'service-account-abcd.json',
'drive': 'service-account-efgh.json',
}
service-account-abcd.json.enc
usage
from encrypted_credentials.django_credentials import get_credentials
credentials = get_credentials('gmail')
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for encrypted-credentials-0.0.3.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | d62d794832f576c39dd5b07dd43eaa58b80f6cb4f8df3c1638bf2b9029f22da1 |
|
MD5 | 3bf5a82119fa5bcb493e5b91e31e6ec3 |
|
BLAKE2b-256 | 36abd61db3f68e10e0f2e549532f3ff5b737a6157cc425888e713847cfb15d05 |
Hashes for encrypted_credentials-0.0.3-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 3744280945e5c33db367fb0ff93630e99f0dfbc61d2beee4834b4183a7e2f70f |
|
MD5 | 2991e6d6cf3d4f049df02fc1a462496c |
|
BLAKE2b-256 | 0b30e70e3fa33a3cd1c24c27c6788ca57f66a349bf565025f8ab10f6e3087216 |